BuddyPress 12.1.1 Maintenance & Security release

Published on January 16th, 2024 by Mathieu Viet

BuddyPress 12.1.1 is now available. This is a security and maintenance release. Please update your BuddyPress as soon as possible.

The 12.1.1 release addresses the following minor security issue:

Using the Cover Image group’s REST API Endpoints, it was possible to a non member of private/hidden group to get the corresponding group Cover Image URL. Discovered by Colin Xu.

This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure.

BuddyPress 12.1.1 also fixes 10 bugs. For complete details, visit the 12.1.1 changelog.

Get BuddyPress 12.1.1

You can get the latest version by clicking on the above button, downloading it from the WordPress.org plugin directory or checking it out from our Subversion repository.

Many thanks to 12.1.1 contributors

sabernhardt, emaralive, shawfactor, strategio, vapvarun, perchenet & imath.

One Response to “BuddyPress 12.1.1 Maintenance & Security release”

BuddyPress 12.1.1 Maintenance & Security Release | BP Dev Updates says:

January 16, 2024 at 11:52 pm

[…] BuddyPress 12.1.1 Maintenance & Security release […]

BuddyPress.org